Threat Intelligence Blog

Weekly Threat Intelligence Brief: February 7, 2018

Posted February 7, 2018

This weekly brief highlights recent threat intelligence news to provide insight into current threats to various industries.

Information Security Risk

“A popular car-sharing company has disclosed a major data breach seven months after it was first detected in June 2017 as the alleged hacker was arrested by Australian police. In an email sent to customers on January 31, the firm said its IT team identified “unauthorised activity” on its system on 27 June last year and immediately launched a full internal investigation. Between May and July last year, the man allegedly illegally accessed the service’s database and downloaded customers’ personal data on two occasions and used it to access vehicles on at least 33 occasions without consent. The compromised data includes customers’ names, addresses, email addresses, phone numbers, dates of birth, driver’s license details, employers, emergency contact details and administrative account details.”

Energy

“Five Greenpeace activists were arrested after breaking into Port Taranaki and boarding the Mermaid Searcher (an Amazon Warrior supply vessel) in protest of oil and gas exploration. The group gained entry to the port operations area by breaching security fences early Wednesday morning. While on board, two of the women chained themselves to the deck and the two men climbed the ship’s mast where they unveiled a Greenpeace banner. Greenpeace posted a press release addressing the incident, saying the protest “follows a decade of popular opposition to oil and gas from local communities and iwi up and down the country. Taranaki iwi have written an open letter to Ardern, calling on her to halt seismic testing off their coastline.” In a second press release, Greenpeace announced that the activists involved in the protest are being threatened with charges under the Anadarko Amendment – a 2013 Amendment to the Crown Minerals Act making it an offense to interfere with oil exploration ships at sea.”

Defense

“Security researchers have spotted a new strain of sophisticated malware that is targeting several high-profile entities, including five universities, twenty-three private companies and several government organizations. The phishing email, disguised as a message from FedEx, claims that the delivery service could not deliver a package that exceeded its “free-deliver limit” and the user must physically collect it at a nearby outlet. It requests users to click on a link to download and print out an “attached label” that needs to be submitted to receive the parcel. The malicious link itself is disguised as a Google Drive link. Once a user clicks on it, the hackers’ website pops up with the malicious “Lebal copy.exe” file ready to download. Masquerading as a normal Adobe Acrobat document, Lebal copy is actually a piece of malicious malware designed to harvest a slew of sensitive data from victims.”
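The lure above combines three checkable tells: FedEx-themed "collect your parcel" wording, a link whose visible text claims to be Google Drive while pointing elsewhere, and a download that presents as an Acrobat document but is a Windows executable. The following triage script is an added example, not code from the original brief or from the researchers it cites. The phrase list, the two sample messages, the example.invalid host and the attachment bytes are all constructed for this demonstration; the only assumptions taken from the brief are the quoted lure phrases and the "Lebal copy.exe" file name.

```python
"""Triage checks for a FedEx-themed phishing lure (added example, constructed inputs)."""
import re
from urllib.parse import urlparse

# Phrases quoted in the brief (assumption: exact enough to match the lure text)
LURE_PHRASES = ("free-deliver limit", "attached label", "nearby outlet")

# Hosts that a "Google Drive" link is allowed to resolve to
GOOGLE_DRIVE_HOSTS = {"drive.google.com", "docs.google.com"}

# Presentation that claims "document" while the bytes may say otherwise
DOC_EXTENSIONS = (".pdf", ".doc", ".docx")
DOC_MIME_TYPES = {"application/pdf", "application/msword"}

LINK_RE = re.compile(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def find_lure_phrases(body_html):
    """Return the lure phrases present in the message body (case-insensitive)."""
    text = body_html.lower()
    return [p for p in LURE_PHRASES if p in text]


def find_disguised_links(body_html):
    """Return hrefs whose visible text claims Google Drive but whose host is not Google's."""
    hits = []
    for href, label in LINK_RE.findall(body_html):
        claims_drive = "drive.google.com" in label.lower() or "google drive" in label.lower()
        host = (urlparse(href).hostname or "").lower()
        if claims_drive and host not in GOOGLE_DRIVE_HOSTS:
            hits.append(href)
    return hits


def is_masqueraded_pe(filename, declared_type, data):
    """True when the download is a PE executable ('MZ' header) but is presented as a document
    or carries an executable extension hidden behind a document-like name."""
    is_pe = data.startswith(b"MZ")
    name = filename.lower()
    claims_document = name.endswith(DOC_EXTENSIONS) or declared_type in DOC_MIME_TYPES
    return is_pe and (claims_document or name.endswith(".exe"))


def analyze(message):
    """Run all three checks over a message dict and return findings plus a verdict."""
    body = message["body_html"]
    findings = {
        "lure_phrases": find_lure_phrases(body),
        "disguised_links": find_disguised_links(body),
        "masqueraded_downloads": [
            name for name, mime, data in message.get("downloads", ())
            if is_masqueraded_pe(name, mime, data)
        ],
    }
    # Any masquerading is decisive; wording alone needs two phrases to reduce false positives
    findings["suspicious"] = bool(
        findings["disguised_links"]
        or findings["masqueraded_downloads"]
        or len(findings["lure_phrases"]) >= 2
    )
    return findings


# Constructed sample modelled on the lure in the brief (host and bytes are made up)
SAMPLE_LURE = {
    "subject": "FedEx: unable to deliver your package",
    "body_html": (
        '<p>Your parcel exceeded the free-deliver limit and must be picked up at a nearby outlet. '
        'Print the attached label: '
        '<a href="http://example.invalid/dl/Lebal%20copy.exe">https://drive.google.com/file/d/label</a></p>'
    ),
    "downloads": [("Lebal copy.exe", "application/pdf", b"MZ\x90\x00" + b"\x00" * 60)],
}

# Constructed benign message: a real Google Drive link and a real PDF header
SAMPLE_BENIGN = {
    "subject": "Meeting notes",
    "body_html": '<p>Notes are here: <a href="https://drive.google.com/file/d/abc123">Google Drive</a></p>',
    "downloads": [("notes.pdf", "application/pdf", b"%PDF-1.4\n")],
}

if __name__ == "__main__":
    for msg in (SAMPLE_LURE, SAMPLE_BENIGN):
        print(msg["subject"], "->", analyze(msg))
```

The file-type check deliberately keys on the first bytes rather than the extension or the declared MIME type, because those are exactly the fields the lure controls; the link check compares what the user sees against the host the browser will actually contact.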

Technology

“Researchers have discovered more than 130 malware samples designed to exploit the recently disclosed Spectre and Meltdown CPU vulnerabilities. While a majority of the samples appear to be in the testing phase, we could soon start seeing attacks. The Meltdown and Spectre attack methods allow malicious applications to bypass memory isolation mechanisms and access passwords, photos, documents, emails, and other sensitive data. Shortly after Spectre and Meltdown were disclosed on January 3, experts warned that we could soon see remote attacks, especially since a JavaScript-based proof-of-concept (PoC) exploit for Spectre had been made available. On January 17, antivirus testing firm AV-TEST reported that it had seen 77 malware samples apparently related to the CPU vulnerabilities, and the number had increased to 119 by January 23. On Wednesday, researchers told SecurityWeek that they had obtained 139 samples from various sources, including researchers, testers and antivirus companies.”